b'U.S. Department of the Interior\nOffice of Inspector General\n\n\n\n\n     EVALUATION REPORT\n\n\n      YEAR 2000 READINESS OF\nAUTOMATED INFORMATION SYSTEMS AT\n    THE BUREAU OF RECLAMATION\n\n             REPORT NO. 99-I-165\n               JANUARY 1999\n\x0cBACKGROUND\n\nThe \xe2\x80\x9cY2K problem\xe2\x80\x9d is the term used to describe the potential failure of information\ntechnology systems, applications, and hardware related to the change to the year 2000. Many\ncomputer systems that use two digits to keep track of the date will, on January 1, 2000,\nrecognize \xe2\x80\x9cdouble zero\xe2\x80\x9d not as 2000 but as 1900. This could cause computer systems to stop\nrunning or to start generating erroneous data. The problem has been recognized as nationally\nsignificant by the President in Executive Order 13073, issued in February 1998. The\nSecretary of the Interior, in a December 1997 memorandum, stated that the Y2K problem\nwas critical to the Department in meeting its mission and that resolution of the problem was\none of his highest priorities. Further, Office of Management and Budget Memorandum\n98-02, \xe2\x80\x9cProgress Reports on Fixing Year 2000 Difficulties,\xe2\x80\x9d issued on January 20, 1998,\nrequires all Federal executive branch agencies to ensure that Federal Government systems\ndo not fail because of the change to the year 2000 and to have all systems, applications, and\nhardware renovated by September 1998, validated by January 1999, and implemented (that\nis, \xe2\x80\x9cfixes to all systems--both mission critical and non-mission critical\xe2\x80\x9d) by March 1999. The\nOffice of Management and Budget, in Memorandum 98-02, states that it is to provide\n\xe2\x80\x9cinformation to the Congress and the public as part of its [Office of Management and\nBudget\xe2\x80\x99s] quarterly summary reports on agency progress. . . [and] to report on the status of\nagency validation and contingency planning efforts and on progress in fixing. . . equipment\nthat is date sensitive.\xe2\x80\x9d\n\nThe Department has developed the \xe2\x80\x9cDepartment of the Intenor Year 2000 Management\nPlan,\xe2\x80\x9d which focuses on the resolution of the Y2K problem and provides an overall strategy\nfor managing Departmental mission-critical systems and infrastructure. The Department has\na multitiered approach to managing the Y2K problem that includes a top tier, which\ncomprises the Secretary of the Interior; the Information Technology Steering Committee,\nwhich consists of the Chief of Staff and Assistant Secretaries; and the Chief Information\nOfficer, who is responsible for the Department\xe2\x80\x99s Y2K issues. This tier, which represents\nsenior-level Departmental managers, provides the Y2Kproject\xe2\x80\x99s direction and resources and\nensures accurate reporting to external organizations, such as the Office of Management and\nBudget and the Congress. A DepartmentwideY2K project team, which reports to the Chief\nInformation Officer and comprises representatives from each agency and the Office of the\nSecretary, is tasked with developing the Department\xe2\x80\x99s \xe2\x80\x9cYear 2000 Management Plan,\xe2\x80\x9d\nrefining inventory data on the Department\xe2\x80\x99s mission-critical and information technology\nportfolio systems,\xe2\x80\x99 and monitoring and reporting the progress of each conversion. In\naddition, a Y2K Embedded Microchip* Coordinators Team has been established to inventory\n\n\n\xe2\x80\x98The portfolio is an inventory listing of 13 crosscutting or sensitive systems that are receiving attention at the\nSecretarial level.\n\n\xe2\x80\x98Embedded microchips are \xe2\x80\x9cintegrated circuits (miniature circuit boards)\xe2\x80\x9d that control \xe2\x80\x9celectrical devices,\xe2\x80\x9d\nwhich include \xe2\x80\x9celevators; heating, ventilation, and air conditioning (HVAC) systems; water and gas flow\ncontrollers: aircraft navigational systems; . . . medical equipment\xe2\x80\x9d; and office devices such as telephones,\nfacsimile machines, pagers, and cellular telephones. (Department of the Interior\xe2\x80\x99s Office of Managing Risk\nand Public Safety \xe2\x80\x9cYear 2000 Embedded Microchip Hazards\xe2\x80\x9d [Web site])\n\n                                                        2\n\x0c                                                                    A-IN-BOR-00 l-98- R\n\n\n             United States Department of the Interior\n                           OFFICE OF INSPECTOR GENERAL\n                                   Washington, DC. 20X0\n\n\n\n                                                              JAN -8 m\n\n\n\n\n                          EVALUATION REPORT\nMemorandum\n\nTo:       Commissioner, Bureau of Reclamation\n          Director, Denver Administrative Service Center, Bureau of Reclamation\n                                 -7\nFrom:     Robert J. Williams -/!;-d.,& ,_ cc LLi%~.ruL.\n          Assistant Inspector General fo:Audits\n\nSubject: Evaluation Report on Year 2000 Readiness of Automated Information Systems at\n         the Bureau of Reclamation (So. 99-I-i65)\n\n                               INTRODUCTION\nThis report presents the results of our evaluation of the year 2000 (Y2K) readiness of\nautomated information systems at the Bureau of Reclamation and the Bureau\xe2\x80\x99s Denver\nAdministrative Service Center. The objective of our review was to determine whether the\nBureau inventoried its automated information systems and identified those systems that nere\nmission critical and were not Y2Kcompliant and whether the Bureau and the Service Center\n(1) developed auditable cost estimates for renovating systems to be Y2K compliant; (2)\nidentified, by name, individuals responsible for ensuring that the Bureau is Y2K compliant;\n(3) ensured that responsible individuals\xe2\x80\x99 personnel performance evaluation plans included\ncritical elements related to identifying and remedying Y2K problems; (4) developed a\ncredible plan that included milestones and a critical path to ensure that the Bureau is YZK\ncompliant; and (5) developed a contingency plan that would address the failure of any part\nof the systems not being Y2K ready. This review was conducted at the request of the\nDepartment of the Interior\xe2\x80\x99s Chief Information Officer to assist the Information Officer in\nmonitoring the progress ofDepartmental agencies in ensuring Y2K readiness, implementing\nY2K compliant systems, and validating the accuracy of the information reported by the\nDepartmental agencies to the Chief Information Officer.\n\x0cand monitor embedded microchip technology Y2K problems. The team is led by the Office\nofManaging Risk and Public Safety and comprises representatives ofthe eight Departmental\nagencies, the Denver Administrative Service Center: and various Departmental offices.\n\nThe Department\xe2\x80\x99s May 15, 1998, \xe2\x80\x9cProgress Report,\xe2\x80\x9d ivhich was submitted to the Office of\nManagement and Budget, reported that the Department had 91 mission-critical systems, of\nwhich the Bureau of Reclamation had 16 systems (see Appendix 1). In addition, the Federal\nPersonnel Payroll System (FPPS), which was developed and maintained by the Service\nCenter, is 1 of the Office of the Secretary\xe2\x80\x99s mission-critical systems and is 1 of the\nDepartment\xe2\x80\x99s 13 information technology portfolio systems. To address theY2K problems,\nthe Bureau established a Y2K project management structure. The structure included multiple\n\xe2\x80\x9cCoordination Teams,\xe2\x80\x9d which were headed by an executive Y2K manager who is the\nDirector of the Management Services Office, and the teams included the Reclamation\nInformation Resources Management Coordinator, the Manager of the Policy and Program\nManagement Group, the Bureau\xe2\x80\x99s IT (Information Technology) Security Manager, and Y2K\ncoordinators at Bureau program and regional offices. The Service Center also established\na Y2K project management structure that includes a Y2K executive, a Y2K program\nmanager, a Y2K coordinator, and three Y2K program element leaders.\n\nSCOPE OF EVALUATION\nTo accomplish our objective, we reviewed the documentation available that supported the\nBureau\xe2\x80\x99s information submitted to the Department\xe2\x80\x99s Chief Information Officer for the May\n1998 \xe2\x80\x9cProgress Report\xe2\x80\x9d and the documentation available that supported the information\nsubmitted by the Service Center to the Office of the Secretary. We performed our evaluation\nduring April through July 1998 at the Reclamation Service Center\xe2\x80\x99s Management Services\nOffice and the Denver Administrative Service Center, located in Denver, Colorado, and the\nBureau\xe2\x80\x99s Eastern Colorado Area Office, located in Loveland. Colorado. We interviewed\npersonnel responsible for project coordination to identify the Bureau\xe2\x80\x99s and the Service\nCenter\xe2\x80\x99s Y2K plans and progress. We also interviewed personnel involved in various\naspects of the Y2K project, including coordination. compliance identification, software\nremediation, and project management.\n\nThe evaluation was conducted in accordance lvith the \xe2\x80\x9cQuality Standards for Inspections,\xe2\x80\x9d\nissued by the President\xe2\x80\x99s Council on Integrity and Efficiency, and included such tests and\ninspection procedures considered necessary to accomplish the objective. Our conclusions\non the status of the progress made by the Bureau in addressing and remediating Y2K\nproblems were based on reviews of documentation maintained by the Management Services\nOffice and discussions with the Y2K coordinators throughout the Bureau and with\nindividuals performing remediation or replacement of noncompliant applications or\nhardware. Also, our conclusions on the status of the progress made by the Denver\nAdministrative Service Center were based on reviews of documentation and discussions with\nthe Y2K program manager, the Y2K coordinator, the program element leaders, and\nindividuals performing remediation or replacement of noncompliant applications or\nhardware. As specifically agreed to in our discussions with the Department\xe2\x80\x99s Chief\n\n                                            3\n\x0c Information Officer, we did not validate or certify that the Bureau\xe2\x80\x99s or the Service Center\xe2\x80\x99s\n systems were Y2K compliant.\n\n                         RESULTS OF EVALUATION\nRegarding the six areas that the Chief Information Officer requested us to evaluate, we found\nthat the Bureau had completed actions for two areas, had partially completed actions for three\nareas, and had not completed action for one area. Specifically, the Bureau had designated\nresponsible officials and had inventoried its automated information systems, but the\nDepartment\xe2\x80\x99s Office of Information Resources Management agreed that the Bureau had to\nreport only 16 of its 48 noncompliant mission-critical systems. Additionally, the Bureau had\nnot included critical elements related to identifying and remedying Y2K problems in all\nresponsible individuals\xe2\x80\x99 personnel performance evaluation plans; had not included all\nsystems in its master plan, which had completion dates that were inaccurate; and had\ncontingency plans that may not be adequate. For the remaining area, the Bureau had not\ndeveloped auditable cost estimates. Because actions have not been completed for all areas,\nwe believe that there is a risk that the Bureau may not meet the Office of Management and\nBudget\xe2\x80\x99s target date of March 1999 for having compliant Y2K systems implemented.\n\nAdditionally, of the five areas that the Chief Information Officer had requested us to review,\nwe found that the Denver Administrative Service Center had completed actions for three\nareas, had not completed actions for one area, and had determined that one area was not\napplicable. Specifically, the Service Center had developed a credible plan, including\nmilestones; had designated responsible individuals; and had updated the annual personnel\nperformance evaluation plans. However, the Center had not completed action on developing\na contingency plan but had determined that the development of auditable cost estimates was\nnot applicable to FPPS. As a result of the progress being made by Service Center Y2K\nproject management, we believe that the Service Center will meet the Office of Management\nand Budget\xe2\x80\x99s target date of March 1999 for having compliant Y2K systems implemented for\nFPPS if the Y2K project proceeds as scheduled. If delays are encountered, development of\ncontingency plans may be necessary.\n\nThe specific actions taken by the Bureau of Reclamation and the Service Center related to\neach area and other issues affecting the Bureau\xe2\x80\x99s and the Service Center\xe2\x80\x99s Y2K progress are\ndiscussed in the paragraphs that follow.\n\nAutomated Information Systems Inventory\n\nAlthough the Bureau had performed an inventory of all of its automated information systems\nexcept for international project offices and identified 48 mission-critical systems. the\nBureau\xe2\x80\x99s May 1998 \xe2\x80\x9cQuarterly Report\xe2\x80\x9d to the Department\xe2\x80\x99s Chief Information Officer\nshowed only 16 noncompliant mission-critical systems. We found that the Bureau was\nreporting only 16 systems as mission critical because its Y2K project management did not\nuse the Department\xe2\x80\x99s criterion for reporting mission-critical systems, which states that \xe2\x80\x9cthose\nsystems that when their capabilities are degraded, the organization realizes a resulting loss\n\n\n                                              4\n\x0cof a core capability or life or property are threatened.\xe2\x80\x9d Although Bureau Y2K project\nmanagement did not use the Department\xe2\x80\x99s criterion for reporting, the Bureau received\napproval from the Department\xe2\x80\x99s Office ofInformation Resources hlanagement to report only\nthose systems that were to be repaired because of the large number of mission-critical\nsystems that would otherwise have to be reported and managed. Therefore, Bureau j\xe2\x80\x992K\nproject management said that it tracked and reported only systems that met all of the\nfollowing Bureau criteria: (1) were mission critical, (2) were not Y2K compliant, (3) were\ndate dependent, and (4) were being redeveloped or repaired. However, Office of\nManagement and Budget Memorandum 98-02 requires that executive agencies report the\n\xe2\x80\x9ctotal number of mission-critical systems,\xe2\x80\x9d as well as the \xe2\x80\x9cnumber compliant, number being\nreplaced, number being repaired, and number being retired.\xe2\x80\x9d As a result, the Bureau and\nDepartmental Y2K project management were not tracking the replacement of Bureau\nmission-critical systems, such as the Mid-Pacific Region\xe2\x80\x99s Sutron Database System and the\nCentralized Water and Power System Control system, that \\vere not Y2K compliant and were\nnot reporting these systems to the Office of Management and Budget. However, in its\nSeptember 23, 1998, response (Appendix 2) to the draft report, the Bureau stated that it is\nproviding \xe2\x80\x9chigh-level, ongoing management attention to ensure that all mission-critical\napplications will be Y2K compliant in sufficient time prior to January 2000.\xe2\x80\x9d\n\nAdditionally, Y2K project management had not initially ensured that systems which had\nbeen identified by Bureau regional personnel as Y2K compliant were Y2K compliant.\nHowever, Y2K project management stated in exit conferences that a process was in place as\nof July 1998 to ensure that systems which had been identified by Bureau regional personnel\nas Y2K compliant are Y2K compliant.\n\nWe also found that the Bureau\xe2\x80\x99s method of reporting mission-critical systems to the\nDepartment\xe2\x80\x99s Chief Information Officer did not focus on the Bureau\xe2\x80\x99s mission and ability\nto perform its core capabilities and that each region was allowed to define its mission-critical\nsystems. Therefore, the reporting of mission-critical systems was not consistent within the\nBureau. For example, the Bureau tracked and reported the Upper Colorado Region\xe2\x80\x99s\nColorado River Storage Project (CRSP) and the Great Plains Region\xe2\x80\x99s Wyoming Area Ot\xe2\x80\x99ice\nSupervisory Control and Data Acquisition(SCADA)3 systems as mission critical. Howe\\.er,\nthere are SCADA systems in the other regions, such as the Lou,er Colorado and the Mid-\nPacific, that were identified as mission critical and not Y2K compliant at the time the\ninventory was completed but were not reported. By not ensuring that all mission-critical\nsystems which support core capabilities are Y2K compliant before the year 2000, the risk is\nincreased that some of the Bureau\xe2\x80\x99s systems may fail and that the Bureau may not be able\nto deliver water and hydroelectric power to its customers without incurring significant\npersonnel costs.\n\nThe Department\xe2\x80\x99s Chief Information Officer requested that we determine the progress ofthe\nBureau and the Service Center in addressing embedded microchips in information systems\n\n\n3SC.4DA systems are systems that interface within selected water projects and are used by the Bureau ro\nmonitor and control water flow and hydroelectric power.\n\x0cand facilities. We found that the Bureau and the Service Center, at the time of our review,\nhad begun to inventory embedded microchips in information systems and facilities.\n\nAuditable Cost Estimates\n\nOf the 16 mission-critical systems reported to the Department\xe2\x80\x99s Chief Information Officer,\ndocumentation was maintained for 2 systems: the Technical Service Center\xe2\x80\x99s Data\nAcquisition and Management System (DAMS) and the Upper Colorado Region\xe2\x80\x99s CRSP\nSCADA system. We found that the cost estimate of $9,000 for DAMS was auditable and\nthat the revised estimate of $285,300 for the Upper Colorado Region\xe2\x80\x99s CRSP SCADA\nsystem also was auditable.\n\nAlthough cost estimates reported for the remaining 14 mission-critical systems were not\nauditable, we attempted to determine whether the methodologies used by Bureau personnel\nto develop the cost estimates were reasonable. Based on information from regional\npersonnel responsible for developing the cost estimates, we found that the methodologies\nused varied. For example, cost estimates for the Modsim, the PNOPER, and the Hydromet\nPNl systems in the Pacific Northwest Region were initially based on total lines of source\ncoded multiplied by $1 SO. However, personnel in the Region said that because they believed\nthe results were too high, they lowered the amounts for reporting purposes based on \xe2\x80\x9cbest\nestimates.\xe2\x80\x9d In addition, the EM340 terminal emulator in the Pacific Northwest Region was\nrenovated to be Y2K compliant. However, w\xe2\x80\x99e found that the renovation costs were $35\nrather than the $5,000 reported. For the SCADA system in the Great Plains Region\xe2\x80\x99s\nWyoming Area Office, personnel in the Region said that the amount was a \xe2\x80\x9cbest estimate.\xe2\x80\x9d\nFor the Hydromet Support and the North Platte River Daily Water Accounting systems,\nwhich also are in the Great Plains Region, personnel in the Region said that the estimates\nwere based on total lines of source code multiplied by S 1.50. Additionally, renovation of the\nHydrological River Operations Study System (HYDROSS) at the Technical Service Center\nwas estimated to cost $5,680, which, according to the Y2K coordinator, was based on an\nestimated 2 weeks of effort (80 hours) multiplied by S60 per hour. However, this formula\nwould result in an estimate of $4,800. In its response to the draft report, the Bureau stated\nthat the costs were $500 to renovate the EM340 terminal emulator and $5,680 for the\nHYDROSS. However, because adequate documentation to support these costs was not\nprovided and because the Bureau stated in its response that \xe2\x80\x9cin most instances there have\nbeen no means to track Y2K costs,\xe2\x80\x9d we determined that the Bureau\xe2\x80\x99s reported estimated and\nactual costs were not auditable.\n\nIn its response to the draft report, the Bureau stated that the Office of Inspector General did\nnot \xe2\x80\x9cexpect consistent and auditable cost estimates at this point.\xe2\x80\x9d Hovvever, we stated that\nwe did not expect the Bureau to expend resources in correcting prior estimates but to ensure\nthat future estimated and actual costs were supported and auditable.\n\n\n\n4Lines of source code are statements and instructions used by the computer to execute the tasks of computer\nprograms. (Computer Desktop Encyclopedia? Version 9.4,4th quarter, 1996)\n\n                                                    6\n\x0cAccording to Service Center Y2Kproject management, the Service Center had not developed\nany cost estimates related to FPPS because the System was reported as compliant by design.\nProject management was aware that products and the mainframe operating system which\nwere used to develop and operate FPPS were identified as not Y2K compliant. However,\nService Center Y2K project management said that they considered the upgrades to these\nsystems to be part of normal maintenance and not directly related to Y2K. Consequently, the\ncost estimates related to Y2K remediation were not applicable. However, if costs\nspecifically related to remediating Y2K problems are identified, these costs should be\nreported to the Department\xe2\x80\x99s Chief Information Officer.\n\nDesignation of Responsible Individuals\n\nWe found that the Bureau had specifically designated, by name, the Y2K executive, the\nBureau Y2K coordinator, and Y2K coordinators in each of the Bureau\xe2\x80\x99s regional offices in\nits \xe2\x80\x9cYear 2000 IT Comprehensive Plan.\xe2\x80\x9d In addition, the Service Center had specifically\nnamed a Y2K executive, a Y2K program manager, a Y2K coordinator, and three Y2K\nprogram element leaders. Therefore, the Bureau and the Service Center had completed this\nrequirement.\n\nAnnual Personnel Performance Evaluation Plans\n\nThe Secretary of the Interior\xe2\x80\x99s December 1997 memorandum required that \xe2\x80\x9ca critical\nperformance element for identifying and remedying\xe2\x80\x9d theY2K problem be included as part\nof each responsible official\xe2\x80\x99s annual performance plan. Responsible officials are defined in\nthe memorandum as agency directors, agency Y2K executives, agency information resources\nmanagement coordinators, safety officials, and all others as determined by the Y2K\nexecutives. We found that 5 of the 13 Bureau Y2K coordinators, the Bureau Information\nResources Management Coordinator, and the Bureau Y2K executive had elements\naddressing Y2K objectives in their annual personnel performance evaluation plans.\nHowever, the remaining eight Bureau Y2K coordinators did not have such elements included\nin their annual personnel performance evaluation plans.\n\nWe found that all six members of the Denver Administrative Service Center\xe2\x80\x99Y2K\n                                                                          s   project\nteam had elements addressing Y2K objectives in their annual personnel performance\nevaluation plans.\n\nPlan for Milestones\n\nWe found that the Bureau had provided a reasonable basis for developing the master plan and\ncritical paths for the systems reported to the Department as part of the progress reports.\nSpecifically, the milestones established in the Bureau\xe2\x80\x99s master plan were developed by\nsystem owners or other responsible persons in each region who were knowledgeable of the\nsystems, and the Bureau Y2K coordinator used a project management software tool to assist\nin developing the plan. However, as discussed in the section \xe2\x80\x9cAutomated Information\nSystems Inventory\xe2\x80\x9d in this report, not all mission-critical systems had been included in the\n\n                                             7\n\x0cmaster plan. In addition, although the initial milestones appear to be reasonable, some ofthe\ncompletion dates reported in the Bureau\xe2\x80\x99s progress report were inaccurate (see the section\n\xe2\x80\x9cOther Issues\xe2\x80\x9d).\n\nThe Service Center had developed five action plans: ( 1) the \xe2\x80\x9cYear 2000 Conversion Project\nAction Plan,\xe2\x80\x9d (2) the \xe2\x80\x9cDASC Telecommunications l-ear 2000 Compliance Plan,\xe2\x80\x9d (3) the\n\xe2\x80\x9cDASC LAN/PC Systems Year 2000 Compliance Plan,\xe2\x80\x9d (4) the \xe2\x80\x9cY2K Embedded Chip\nProject Plan,\xe2\x80\x9d and (5) the \xe2\x80\x9cFPPS Year 2000 Conversion Action Plan.\xe2\x80\x9d All of these plans\ncontain milestones and critical paths to addressY2K compliance for each system. Although\nthese plans were internal Service Center documents that were not submitted to the\nDepartment\xe2\x80\x99s ChiefInformation Officer and dates were revised as necessary, we believe that\nthe plans adequately identified milestones and critical areas. As of May 1998, these action\nplans had completion dates of March 1999 or earlier.\n\nContingency Plans\n\nWe found that the Bureau had contingency plans for 15 of the 16 reported mission-critical\nsystems. The Bureau did not develop a contingency plan for the Pacific Northwest Region\xe2\x80\x99s\nEM340 system because Bureau management stated that this system Leas compliant and a\ncontingency plan was not necessary. The contingent!. plans for the 15 remaining systems\nwere not specifically related to Y2K but were existing plans for disasters such as floods or\nearthquakes at the project sites. If the systems fail on January 1, 2000, the Bureau\xe2\x80\x99s\ncontingency plans are to perform the functions of these systems manually based upon the\nprocedures defined in the disaster plans. The disaster recovery plans may not be adequate\nin the case of Y2K failures because of the possible length of time required to remediate the\naffected systems and the ready availability of people to repair lines of code or to perform the\nmanual operations. The disaster plans n-e reviewed \\t\\-ere for specific projects or clusters of\nprojects, such as for Hoover, Parker, and Davis Dams. and did not assess the impact on the\nBureau for the loss of systems such as the SCADA. Further, the plans did not identify the\nnumber and experience level of personnel required to operate the Bureau\xe2\x80\x99s facilities\nmanually and did not take into consideration the impact that embedded microchips in cellular\nphones, telephones, radios, and automobiles mayhaye on the Bureau\xe2\x80\x99s ability to operate its\nfacilities. For example, we found the following:\n\n    - Bureau management said that they believed \xe2\x80\x9cpeople will be available at the power\nplants to take over [operate the power plants manually]\xe2\x80\x9d if the Bureau\xe2\x80\x99s noncompliant\nSCADA systems, including hardware, software, and sensing devices, do not function after\nDecember 3 1, 1999. In the Department\xe2\x80\x99s May 1998 \xe2\x80\x9cProgress Report\xe2\x80\x9d to the Office of\nManagement and Budget, the Bureau requested a Lx-aiver to the Dual Compensation Act\xe2\x80\x99\nfrom the Office of Personnel Management to hire 10 power plant operators should the\nSCADA systems fail. In its response, the Bureau stated that two SCADA systems were not\nY2K compliant and that \xe2\x80\x9c[mlost operations managers do not expect a need for additional\n\n\n\xe2\x80\x98A waiver from the Act allows the Bureau to hire retired Federal employees without loss or reduction to the\nemployees\xe2\x80\x99 entitlements.\n\n                                                     8\n\x0chelp.\xe2\x80\x9d Therefore, according to the Bureau. the request for 10 power plant operators was\n\xe2\x80\x9cReclamation-wide in nature to cover unforseen contingencies.\xe2\x80\x9d However, we continue to\nbelieve that if SCADA systems fail and the additional people required to operate water\nproject gates and power plants manually are not readily available, the Bureau may not have\ncontrol over water flow and its power plants.\n\n    - The North Platte River Daily Water Accounting system automates the daily accounting\nfor stream flows, reservoir conditions, and ownership in the North Platte River Basin in\nWyoming. We found that if the system fails, the Wyoming Area Office will be prevented\nfrom performing the daily accounting of the North Platte River Basin. Wyoming Area Office\nofficials stated that the Bureau has a legal requirement to supply information generated by\nthe system.\n\nIn its response to the draft report, the Bureau stated that although the Continuity of\nOperations Plans did not address the failure of \xe2\x80\x9ccellular phones, telephones, radios, and\nautomobiles,\xe2\x80\x9d the Bureau \xe2\x80\x9ccannot be held responsible for global and common possibilities\noutside our scope or ability to control.\xe2\x80\x9d However, the Bureau stated that it is developing a\ncontingency and management guide for power and water facilities. We believe that when\ncontingency plans are completed, the Bureau\\v-ill be better able to ensure that its water and\npower facilities will operate beyond the year 2000.\n\nThe Denver Administrative Service Center had not developed contingency plans related to\nY2K for the mainframe systems because: according to Service Center Y2K project\nmanagement, the systems were to be Y2K compliant by the fall of 1998. Service Center\nY2K project management stated that if this target date was not met, a contingency plan\nwould be developed.\n\nOther Issues\n\nWe found other issues that affect the Bureau\xe2\x80\x99s and the Service Center\xe2\x80\x99s Y2K readiness\nefforts which should be addressed as follows:\n\n       - Data Exchange. The Department ofthe Interior and the Office ofManagement and\nBudget required that an inventory of all data exchanges with outside parties be completed by\nFebruary 1, 1998, and that coordination with these parties to determine a transition plan\noccur by March 1,1998. We found that the Bureau had not met the Office of Management\nand Budget\xe2\x80\x99s target date in that only 22 of the 33 Bureau field offices responded to the\nBureau Y2K coordinator\xe2\x80\x99s request for data exchange information as of May 1998.\n\nThe Service Center had inventoried its data exchanges, including external and internal\ninterfaces, and had contacted responsible parties for all but 5 of the 48 interfaces identified\nin the inventory that were in use. According to Service Center Y2K project management,\ntwo of the fi1.e interfaces will be retired before the year 2000, and the remaining three\ninterfaces were determined to be the receivers\xe2\x80\x99 responsibility. However, documentation n\xe2\x80\x99as\nnot available to support that these parties were contacted by Service Center project\nmanagement to confirm responsibilities.\n\n                                              9\n\x0c        - Independent Verification and Validation. According to Bureau management,\nthe independent verification and validation testing of mission-critical systems being\nrenovated was to be performed internally by Bureau staff because of the expertise needed to\ntest the systems and the cost im,olved in having independent verification and validation\nperformed by outside contractors. According to Sen-ice Center Y2K project management,\nthe Service Center, at the time of our review, was evaluating the use of a contractor to assist\nin the independent verification and validation testing of FPPS forY2K. However, we found\nthat neither the Bureau nor the Service Center had de\\.eloped independent verification and\nvalidation test plans or performed independent verification and validation testing ofmission-\ncritical systems as of May 1998.\n\n        - Compliance Reporting. The Bureau had reported to the Department\xe2\x80\x99s Chief\nInformation Officer that the Wyoming Area Office\xe2\x80\x99s SCADA system was compliant as of\nDecember 1997 except for certification of the system. However, based on information from\nGreat Plains Regional personnel responsible for the system, we found, at the time of our\nreview, that the repaired system had not been implemented. In its response to the draft\nreport, the Bureau stated that the system had been implemented.\n\nThe Service Center\xe2\x80\x99s mainframe computer, the computer that operates FPPS and the\nDepartment\xe2\x80\x99s Federal Financial System (FFS), was reported to be compliant as of July 1997.\nHowever, we found that the Service Center\xe2\x80\x99s version of the mainframe computer operating\nsystem was not Y2K compliant and would not be compliant unless more than 100 program\ntemporary fixes were implemented or the system was upgraded to a newer version of the\noperating system. Service Center Y2K project management said that they planned to upgrade\nto the newer version of the operating system and to test the upgraded operating system for\nY2K compliance by August 1998. In addition, the Service Center reported that FPPS was\ncompliant by design. However, the software products used to develop and operate FPPS\nwere not Y2K compliant (see the section \xe2\x80\x9cAuditable Cost Estimates\xe2\x80\x9d). These issues were\nnot addressed in the Service Center\xe2\x80\x99s information submitted to the Department\xe2\x80\x99s Chief\nInformation Officer for the May 1998 \xe2\x80\x9cProgress Report.\xe2\x80\x9d\n\n         - Vendor Certifications. We found that to determine the Y2K compliance of\nvendor-supplied hardware and sof3vare. Service Center Y2K project management relied on\nthe vendors\xe2\x80\x99 written certifications. Hobvever, when the vendors\xe2\x80\x99 certifications could not be\nobtained, information contained in the vendors\xe2\x80\x99 Internet home pages \\vas used. Although the\nService Center had requested bitten certifications of Y2K compliance from its 25\nmainframe software vendors, Service Center Y2K project management had received only\nletters certifying Y2K compliance for the software in use from 6 of the vendors.As of May\n1998, the status of the requests made to the data communication vendors by the Service\nCenter was as follows:\n\n       - Responses had not been received from vendors on about 4 percent of the Service\nCenter\xe2\x80\x99s components.\n\n       - Responses had been received from vendors stating that these components were Y3,K\ncompliant on about 18 percent of the components.\n\n                                             10\n\x0c        - Service Center Y2K project management was still addressing the Y2K problems for\n 35 percent of its data communication components through planned software upgrades, date\n independence, and end of life for hardw,are and soft\\\\ are components (no longer needed).\n\n        - Service Center Y2K project management relied on Internet site information for the\n remaining 43 percent of the Service Center\xe2\x80\x99s components to ensure Y2K compliance.\n\n However, Service Center Y2K project management stated that all data communication\n software and hardware would be tested where possible.\n\n        - System Component Consolidation. The Bureau reported each component of the\nPacific Northwest Region\xe2\x80\x99s Sutron Hydromet system as an individual mission-critical\nsystem. However, personnel in that region responsible for the system said that these\ncomponents should not have been reported individually. If the components were combined\ninto one mission-critical Hydromet system, the number of mission-critical systems reported\nfor the Pacific Northwest Region would be 5 rather than 10.\n\n        - System Owners. In the Bureau\xe2\x80\x99s Y2K master plan, regional offices rather than\npersonnel were identified as system owners. Although the Bureau\xe2\x80\x99s master plan identified\na contact (by name) for each of the mission-critical systems reported, we believe that the\ndesignation of regional offices as system owners did not meet the intent of the General\nAccounting Office\xe2\x80\x99s \xe2\x80\x9cYear 2000 Computing Crisis: An Assessment Guide,\xe2\x80\x9d which the\nDepartment required bureaus to follow for Y2K project management and for identifying\nsystem owners.\n\n        - The Federal Financial System. During our review, we found that Bureau Y2K\nproject management as a customer and Service Center Y2K project management as a service\nprovider were concerned that the FFS Y2K testing may not be completed as scheduled. FFS\nis used by six bureaus within the Department of the Interior and by other Federal agencies.\nFFS is being renovated under the Office of the Secretary, and acceptance testing is the\nresponsibility of the U.S. Geological Survey\xe2\x80\x99s Washington Administrative Service Center.\nFurther, the Geological Survey\xe2\x80\x99s mainframe computer, which is the computer where FFS\nacceptance testing is performed and where FFS operates for three bureaus, had the same\noperating system as the Denver Administrative Service Center\xe2\x80\x99s mainframe computer (which\nis not Y2K compliant and will not be compliant unless more than 100 program temporary\nfixes are implemented or the system is upgraded to a newer version of the operating system).\nBureau and Service Center Y2K project management said that they are not certain that FFS\ncan be fully tested at either the Denver or the Washington Administrative Service Center\nuntil the upgraded version of the mainframe operating system has been implemented at each\nCenter. Additionally, the originally scheduled completion date of June 1998 for\nimplementation of the renovated FFS was not feasible because the upgrade to the operating\nsystem was not available for testing until July 1998, and the Bureau and the Denver\nAdministrative Service Center expressed concerns that problems related to Y2K could be\nencountered during fiscal year 1999.\n\n\n\n                                            11\n\x0cOn July 30. 1998, we held an exit conference withY2K project management of the Denver\nAdministrative Service Center and on August 6, 1998. with project management of the\nBureau of Reclamation and the Chief Information Officer. Service Center Y2K project\nmanagement generally agreed with the conclusions contained in this report. However,\nBureau Y2K project management expressed concerns regarding our conclusions on the\nBureau\xe2\x80\x99s reporting of mission-critical systems and adequacy of contingency plans. The\nBureau provided additional information in its response. Specifically, the Bureau generally\nconcurred with the report and said that it \xe2\x80\x9cwill continue to focus on Y2K project issues\xe2\x80\x9d and\non meeting Departmental and Office of Management and Budget milestone dates. Although\nthe Bureau disagreed with our conclusion regarding the adequacy of its contingency plans\nand stated that only one SCADA will not be Y2K compliant by January 2000, it cited actions\nbeing taken which should enable the Bureau to meet the required milestones for having Y2K\ncompliant mission-critical systems except for the \xe2\x80\x9cMid-Pacific\xe2\x80\x99s CVACS.\xe2\x80\x9d Based on\ndiscussions with Bureau Y2K project management and on the response, we made changes\nto the report as appropriate, and we have not made any recommendations.\n\nSince this report does not contain any recommendations, a response is not required.\n\nThe legislation, as amended, creating the Office of Inspector General requires semiannual\nreporting to the Congress on all audit reports issued, the monetary impact of audit findings,\nactions taken to implement audit recommendations, and identification of each significant\nrecommendation on which corrective action has not been taken.\n\nWe appreciate the assistance of personnel at the Bureau of Reclamation\xe2\x80\x99s Management\nServices Office and regional offices and the Denver Administrative Service Center in the\nconduct of our review.\n\n\n\n\n                                             12\n\x0c                                                                                         APPENDIX 1\n                                                                                           Page 1 of 2\n\n   BUREAU OF RECLAMATION/DENVER ADMINISTRATIVE\n SERVICE CENTER MISSION-CRITICAL SYSTEMS INVENTORY\xe2\x80\x99\n                                                                                            Estimated\n   System Name or                                                                            Cost for\n      Acronym                                      Description                             Compliance\n\n\nGreat Plains (GP)         Provides Hydromet data reporting and maintenance                      $50,000\nHydromet Support          functions and supports the capture and upload of\n                          data into Hydromet from outside sources.\n\nEM340                     Digital 340 Terminal Emulation software for                              5,000\n                          Hydromet interfaces.\n\nHydromet PN 1             Yakima Hydromet System. Collects and processes                          30,000\n                          hydrologic and meteorologic data on a near-real-\n                          time basis.\n\nInhouse Hydromet          Hydromet data analysis tools. Program uses the                          16,000\n                          information from Hydromet to retrieve, compute,\n                          and convert data. This allows users to format\n                          reports and use the data for analysis and display.\n\nSutron Hydromet           Hydromet data collection, translation, and storage.                    75,000\n\nNorth Platte River        Automated daily accounting of stream flows,                            60,000\nDaily Water               reservoir conditions, and ownership in the North\nAccounting                Platte River Basin in Wyoming.\n(NPRDWA)\nWyoming Area              Monitors and controls 14 power plants and 3                              3,000\nOffice Supervisory        irrigation canals, and controls flows in 5 river\nControl and Data          systems.\nAcquisition\n(SCADA WYAO)\nInhouse                   Data analysis and formatting.                                          22,500\nAgricultural and\nMeteorology Data\n(AGRIMET)\n\n\n*Information is from the \xe2\x80\x9cDepartment of the Interior Year 2000 Management Plan.\xe2\x80\x9d issued in February 1998,\nand the Bureau of Reclamation\xe2\x80\x99s \xe2\x80\x9cY2K Sofhvare Application Report,\xe2\x80\x9d dated February 1998.\n\n                                                   13\n\x0c                                                                                             APPENDIX 1\n                                                                                               Page 2 of 2\n                                                                                                Estimated\n   System Name or                                                                                cost for\n      Acronym                                        Description                               Compliance\n\n\nInhouse River               Data analysis tools. Program uses the information                       37,500\nOperations                  from Hydromet to retrieve, compute, and convert\n                            data. This allows users to format reports and use\n                            the data for analysis and display-.\nModel Simulator             River System Operations Simulation. River                               20,000\n(Modsim)                    modeling and simulation program.\nPacific Northwest          Real-time hydrologic and meteorologic data to                            lS,OOO\nOperations                 support the Bureau\xe2\x80\x99s water resource management\n(PNOPER)                   mission. Supported functional areas include flood\n                           control, hydrologic and structural monitoring related\n                           to dam safety, irrigation water supply, power\n                           generation, dam operations, and water supply.\nUmatilla Planning          River System Operations Simulation. River                               20,500\nModule                     modeling and simulation program.\n\nY akima Planning           River Operations Simulation. Ri\\-er modeling and                        20,000\nModel                      simulation program.\n\nData Acquisition           Instrumentation database.                                                 9,000\nand Management\nSystem (DAMS)\nHydrological River         Water rights and supply accounting model used in                          5,680\nOperations Study           river basin planning studies.\nSystem\n(HYDROSS)\n\nColorado River      Remotely controls generation and water bypass for                            285,300\xe2\x80\x9d\nStorage Project     8 hydroelectric plants, with a total of 19 generating\nSupervisory Control units.\nand Data\nAcquisition (CRSP\nSCADA)\n     Total                                                                                      $674.480\n\n\n\n**This revised estimated cost is the amount reported by the Department of the Interior to the Office of\nManagement and Budget as of May 1998 in the Department\xe2\x80\x99s \xe2\x80\x9cQuarterly Progress Report.\xe2\x80\x9d\n\n\n\n                                                     14\n\x0c                                                                                       APPENDIX 2\n                                                                                       Page 1 of 3\n\n\n                United States Department of the Interior\n\n\n\n\n                                       MEMORANDUM\n\nTo:            Ofice of Inspector General\n                Acting Assistant Insp     -al for Audit-\n\nFrom:          Eluid L. Martinez /\n               Commissioner/\n\nSubject:       Comments on the Draft Evaluation Report on Year 2000 Readiness of Automated\n               Information Systems (Assignment No. A-IN-BOR-OOl-98R)\n\nAttached are comments on the Draft Evaluation Report on Year 2000 Readiness of Automated\nInformation Systems (Assignment No. A-IN-BOR-OOl-98R) at the Bureau of Reclamation. We\nappreciate the opportunity to review and comment on the draft report\n\nThe report reflects a nontechnical review of Year 2000(Y2K) readiness within Reclamation and\nthe status of the Y2K project in light of Offke of Management and Budget and Department of the\nInterior required guidelines and the six criteria requested for evaluation by the Department\xe2\x80\x99s Chief\nlnformation Officer. Discussions between our staffs during the preliminarydraft review period\nresulted in many requested corrections which are reflected in the referenced draft. However. we\nbelieve several general comments in the report are unsupported opinions of Reclamation\noperations. Our response reflects only a few of the items of concern from thedraft report.\nReclamation will continue to focus on Y2K project issues and meet every deadline imposed by the\nDepartment and OME.\n\nWe appreciate the difficulty of reporting on such a complex subject. We hope you will find the\nattached comments to be of assistance, and we will be pleased to providefkther information or\nclarification on any of the comments provided.\n\n\n\n\nAttachment\n\ncc: Assistant Secretary - Water and Science, Attention: Carla Burzyk\n      (w/attachment)\n\n\n\n                                                 15\n\x0c                                                                                         APPENDIX 2\n                                                                                         Page 2 of 3\n\n\n\n                                   Bureau of Reclamation\n                           Comments on OIG Draft Evaluation Report\n                     Year 2000 Readiness of Automated Information Systems\n                             [A i nm n\n\n                                       General Comments\n\nResults of Evaluation\nAll known systems were reported in the comprehensive plan sent to the Department of the\nInterior (DOI) June 1, 1997. Estimated completion dates have proven accurate with less than 5\npercent error. For many years Reclamation has had complex Continuity of Operations Plans for\nall of our facilities. The draft implied these Plans did not address all of the specific and\nwidespread contingencies that could occur as a result of the Y2K problem even though each\nfacility is prepared for any potential disaster, includingY2K calamities. Reclamation is currently\nin the process of developing a \xe2\x80\x9cY2K Contingency Planning and Management Guide for Power\nand Water Facilities\xe2\x80\x9d which should cover any anticipated shortfalls.\n\nAutomated Information Svstems Inventory\nAt the time of the inventory, no definition for mission-critical systems was available fromDOI.\nReclamation used a combination of definitions from the Department of the Air ForceY2K\xe2\x80\x99s\ncriteria with a semblance of the actual mission of our Bureau. Reclamation did initially report\nmore mission-critical systems in an attempt to f\xe2\x80\x99Llly recognize all Y2K issues. However, as a\nresult of discussions with, and as directed by the Oflice of Information Resources Management\n(OIRM), Reclamation reduced to 16 the number of mission-critical systems that were to be\nrepaired. Based on this guidance, and as a result of guidance from OIRM. Reclamation did not\nreport mission-critical applications that were not Y2K compliant and were scheduled to be retired\nor replaced.\n\nReclamation does, however, recognize the concern expressed by the OIG with respect to ensuring\nthat all mission-critical applications are addressed. In fact, we are cognizant of the need to ensure\nthat these applications will continue to function after January 1, 2000, and are providing high-\nlevel, ongoing management attention to ensure that all mission-critical applications will beY2K\ncompliant in sut\xe2\x80\x99ficient time prior to January 2000.\n\nContiwencv Planning\nReference was made that nowhere in the facilities Continuity of Operations Plans was any\nconsideration made in the event that cellular phones, telephones, radios, and automobiles may fail\ndue to Y2K noncompliance. Reclamation cannot be held responsible for global and common\npossibilities outside our scope or ability to control. However, it is the nature of our workforce to\nbe at the work site or be readily available to transit to the work site at a moment\xe2\x80\x99s notice.\n\nAuditable Cost Estimates\nThe OIG stated that it did not expect consistent and auditable cost estimates at this point but\nrather. Reclamation should keep track of Y2K expenses from this point forward.\n\n                                                  1\n\n\n\n                                                16\n\x0c                                                                                     APPENDIX 2\n                                                                                     Page 3 of 3\n\n\nSDecific Comments\n\n1.   Page 2. leadinG oaraeraDh. third sentence: Should read March 1, 1999. This is the\n     artificially mandated due date for implementation of all Y2K software applications. All\n     systems with the exception of the Mid-Pacific\xe2\x80\x99s CVACS will beY2K compliant and\n     implemented by March 1, 1999.\n\n2.   Page 6. DaraUaDhs 1 and 2: Since no \xe2\x80\x9cspecial\xe2\x80\x9d tinding was or is available for Y2K efforts,\n     Y2K costs were and are still taken out of operations and project tinds as they currently\n     exist in each office. In most instances there have been no means to track Y2K costs.\n\n3.   &ge 6. pwraph 2. sentence 5: The actual cost to upgrade the terminal emulator\n     package in EM340 was $500, and the actual cost to complete the HYJIROSS application\n     renovation, including testing and implementation, was $5,680.\n\n4    Page 7. DaragraDh 2: We concur that not all Y2K involved personnel had Y2K\n     performance elements in their annual performance plans, including appropriate\n     Reclamation executives, Since then, fbrther direction has been disseminated from the\n     Commissioner\xe2\x80\x99s ofice to assure the Y2K mission-critical element has been or will soon be\n     added to all Y2K responsible personnel.\n\n5.    Paee 8. DaragraDh 2 under \xe2\x80\x9cContingencv Plans\xe2\x80\x9d: The actual number of noncompliant\n     SCADA systems within Reclamation was two, compared to the numerous SCADA\n     systems found throughout Reclamation. It is believed that ten powerplant operators\n     would more than cover these two SCADA sites. %lost operations managers do not expect\n     a need for additional help, since most feel they are already adequately stat-fed for such an\n     emergency. The original request was Reclamation-wide in nature to cover unforeseen\n     contingencies that may be outside our control.\n\n6.   Page 9. Dararrauh 5: Reclamation had received no IV&V plan guidance from either DO1\n     or OMB at the time of the audit. However, OMB instructions specifying third party tests\n     and directions have been given to all Y2K involved personnel and offices throughout\n     Reclamation.\n\n7.   Paee 9. DaraUaDh 6. comDliance reDorting: The Y2K compliant SCADA system has been\n     implemented at the Wyoming Area Offlice and is still running. The system did, however.\n     show non-fatal errors relating to the four-digit year just introduced. These have since been\n     repaired.\n\n\n\n\n                                              2\n\n\n\n                                             17\n\x0c                  ILLEGAL OR WASTEFUL ACTIVITIES\n                      SHOULD BE REPORTED TO\n                 THE OFFICE OF INSPECTOR GENERAL\n\n\n                              Internet/E-Mail Address\n\n                                      www.oig.doi.gov\n\n\n\n                      Within the Continental United States\n\nU.S. Department of the Interior                         Our 24-hour\nOffice of Inspector General                             Telephone HOTLINE\n1849 C Street, N.W.                                     l-800-424-508 1 or\nMail Stop 5341                                          (202) 208-5300\nWashington, D.C. 20240\n\n                                                        TDD for hearing impaired\n                                                        (202) 208-2420 or\n                                                        l-800-354-0996\n\n\n                     Outside the Continental United States\n\n                                     Caribbean Region\n\nU.S. Department of the Interior                         (703) 235-9221\nOffice of Inspector General\nEastern Division - Investigations\n4040 Fairfax Drive\nSuite 303\nArlington, Virginia 22203\n\n                                    North Pacific Region\n\nU.S. Department of the Interior                       (67 1) 647-6060\nOffice of Inspector General\nNorth Pacific Region\n415 Chalan San Antonio\nBaltej Pavilion, Suite 306\nTamuning, Guam 969 11\n\x0c :\n m\n     ToU Free Numbers:\n :     l-800-424-5081\n :    TDD l-800-354-0996\n :\n .\n :   FTSICommercial Numbers:\n :\n      (202) 208-5300\n      TDD (202) 208-2420\n :\n m\n :\n\n\n\n      HOTLINE\n I\n\n :\n\n:\nm\n:    1849 C Street, N.W.\n:\n     Mail Stop 5341\n 5   Washington, D.C. 20240\n :\n :\n :\n :\n :\n :\n:.\n:\n:\nm_\n\x0c'